How do you delegate your OpenId to Google Apps

Question

I use Google Apps for my domain email, and I was wondering if I could use that account for OpenID instead of the regular Gmail account.

I know I can delegate Openid

Answer 1

For OpenId2 I currently have this on my site

<link rel="openid2.provider" href="https://www.google.com/accounts/o8/ud" />

as it is the only one required. Since I am logged in to Google Apps now as my default google account. OpenID consumers (Stack Exchange Sites mostly at this point) use that account (I get a message from google asking if the site can use that google account.

This doesn't FORCE the google apps account the way it would if you used a non-google apps account with (in addition to the provider above)

<link rel="openid2.local_id" href="http://www.google.com/profiles/YOURGOOGLEPROFILE" />

But it does allow me to use my google apps account because it is the one I am currently logged in with.

Answer 2

They say they will in the future but doesn't give any clue to when the future will be here. See this thread in Google groups http://groups.google.com/group/google-federated-login-api/browse_thread/thread/19b33847210e5708

Answer 3

MyOpenID.com does offer openid on your own domain.

Answer 4

Google recently (an hour or so ago) announced OpenID support for Google Apps customers.

Check out the discovery protocol on Google Groups. Should be a good start.

I believe the endpoint is ht tps://www.google.com/accounts/o8/site-xrds?hd=your-domain.com

Answer 5

My understanding is that Google is not exposing that server url, and as such makes this technique inoperable for a Google OpenID.

Answer 6

You can run your own openid server in your Google Apps domain (using GAE) - Google provides sample code of openid server. I've recently ported this to latest OpenID library, so now it is Openid 2.0 compatible. Project page: http://code.google.com/p/appengine-openid-provider/